You can replace the default certificate that comes with a Virtual Trusted Platform Module (vTPM) device.
Prerequisites
You must have a vTPM-enabled virtual machine in your environment.
Procedure
- Connect to vCenter Server by using the vSphere Client.
- Select an object in the inventory that is a valid parent object of a virtual machine, for example, an ESXi host or a cluster.
- Select the vTPM-enabled virtual machine in the inventory whose certificate information you want to replace.
- Click the Configure tab.
- Under TPM, select Signing Requests.
- Select a certificate.
- To export the certificate information, click Export.
The certificate is saved to disk.
- Get a certificate issued by a third-party certificate authority (CA) against the certificate signing request (CSR) you exported.
You can use any CA that you might have in your IT environment.
- When you have the new certificate, replace the existing certificate.
  - Right-click the virtual machine in the inventory whose certificate you want to replace and select Edit Settings.
  - In the Edit Settings dialog box, expand Security Devices, then expand Trusted Platform Module.
  The certificates appear.
  - Click Replace for the certificate you want to replace.
  The File Upload dialog box appears.
  - On your local machine, locate the new certificate and upload it.
The new certificate replaces the default certificate that came with your vTPM device.
- The certificate name is updated in the virtual machine Summary tab under the Virtual Trusted Platform Module list.
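A check you can run between receiving the certificate from the CA and clicking Replace, given as an added example that is not part of the original procedure or of any VMware tooling: it confirms that the issued certificate carries the same public key as the exported CSR and has not expired. It assumes both files are PEM-encoded and that the openssl CLI is installed; all file and function names are hypothetical.

```shell
# Added example: compare the public key in the exported CSR with the one in
# the CA-issued certificate. Assumes PEM files and the openssl CLI.

# Print the SHA-256 digest of the public key in a CSR ("req") or certificate ("x509").
pubkey_digest() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 on match, 1 on key mismatch or expiry, 2 if a file cannot be parsed.
check_vtpm_cert() {
    csr_key=$(pubkey_digest req "$1") || { echo "cannot read CSR: $1" >&2; return 2; }
    cert_key=$(pubkey_digest x509 "$2") || { echo "cannot read certificate: $2" >&2; return 2; }
    if [ "$csr_key" != "$cert_key" ]; then
        echo "MISMATCH: certificate was not issued for this CSR's key" >&2
        return 1
    fi
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "EXPIRED: certificate validity period has ended" >&2; return 1; }
    echo "OK: public key sha256 $cert_key"
}

# Constructed demo: throwaway keys, CSR and certificates stand in for the vTPM
# export and the CA reply (self-signed only so the demo runs offline).
demo_constructed() {
    d=$(mktemp -d) || return 2
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-vtpm" \
        -keyout "$d/a.key" -out "$d/a.csr" 2>/dev/null
    openssl x509 -req -in "$d/a.csr" -signkey "$d/a.key" -days 1 \
        -out "$d/good.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-other" \
        -keyout "$d/b.key" -out "$d/wrong.crt" -days 1 2>/dev/null
    good=0; check_vtpm_cert "$d/a.csr" "$d/good.crt" >/dev/null 2>&1 || good=$?
    wrong=0; check_vtpm_cert "$d/a.csr" "$d/wrong.crt" >/dev/null 2>&1 || wrong=$?
    rm -rf "$d"
    echo "$good $wrong"
}

# Usage: sh check_vtpm_cert.sh exported.csr issued.crt
if [ $# -eq 2 ]; then check_vtpm_cert "$1" "$2"; fi
```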